I am working on my first installation of OpenLDAP, so please bear with me.
I assure you in advance I have been digging through the manual and only
resort to the mailing list after exhausting my ability to understand how to
write the access portion of slapd.conf by reading the administration guide.
In particular, if some of the language I use in the email is a bit hazy, I'm
trying my best.

Anyway, here is the background: I have designed the tree structure as
follows. Beneath the rootdn there are organizationalUnit objects, and
beneath those there are organizationalPerson objects.

Just on a general note, I'd say this is a fairly poor design decision.
Given the way that people often shift organizations, or work for more than
one, I've found that putting organizations in their own tree, and then
people in their own tree works a lot better, and makes ACLs easier.

In answer to your question, however, you may find that using sets helps
with some of what you want to do.